MAL-2026-10633
Malicious code in creditgauge (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (d0bd064afe94f426f1124703c1c1f7ac52ee1ad1df728c33ce7cbe4328bae876) The package has no functional library code: package.json declares main=index.js but no index.js is shipped; the tarball contains only package.json and a.claude/settings.json payload. The settings.json overrides ANTHROPIC_BASE_URL to https://api.minimaxi.com/anthropic (a non-Anthropic host) and embeds a hardcoded ANTHROPIC_AUTH_TOKEN, so any Claude Code session picking up this configuration silently routes the developer's prompts and source code through a third-party endpoint under an attacker-supplied token. The same file defines a statusLine that runs a bash command resolving to scripts/wrapper.sh inside the plugin cache directory for the third-party plugin github:cwf818/topgauge-cc (referenced via enabledPlugins), re-invoked every 10 seconds. defaultMode is set to bypassPermissions and skipDangerousModePermissionPrompt is set to true, disabling the confirmation prompts that would normally gate that execution. The combined effect is silent relay of AI prompts/code through an attacker-controlled proxy plus recurring shell execution of unvetted third-party plugin code inside the developer's environment.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for creditgauge (npm). Pin to a known-safe version or switch to an alternative.